Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

okta_app_signon_policy > catch_all problems after update from 4.11 to 4.13.1 #2197

Open
MichalMMac opened this issue Jan 30, 2025 · 0 comments
Open

okta_app_signon_policy > catch_all problems after update from 4.11 to 4.13.1 #2197

MichalMMac opened this issue Jan 30, 2025 · 0 comments

Comments

@MichalMMac
Copy link

We have bunch of existing okta_app_signon_policy resources such as this one:

resource "okta_app_signon_policy" "example-something" {
  name        = "Example - Something"
  description = "Foo Bar"
}

After upgrading the provider from 4.11 to 4.13.1 terraform plan wanted to do this change:

  # okta_app_signon_policy.example-something will be updated in-place
  ~ resource "okta_app_signon_policy" "example-something" {
      + catch_all       = true
      + default_rule_id = (known after apply)
        id              = "<SOME ID>"
        name            = "Example - Something"
        # (1 unchanged attribute hidden)
    }

After going through with this we got this error from terraform apply:

Error: Provider returned invalid result object after apply
After the apply operation, the provider still indicated an unknown value for
okta_app_signon_policy.example-something.default_rule_id. All values must be
known after apply, so this is always a bug in the provider and should be
reported in the provider's own repository. Terraform will still save the
other known object values in the state.

So here I am reporting the thing.

On the next terraformapply run the error message is no longer there for most of the policies but the problem persists for special authentication policies such as okta-admin-console and microsoft-365.

terraform plan:

  # okta_app_signon_policy.microsoft-365 will be updated in-place
  ~ resource "okta_app_signon_policy" "microsoft-365" {
      + default_rule_id = (known after apply)
        id              = "<ID>"
        name            = "Microsoft Office 365"
        # (2 unchanged attributes hidden)
    }

terraform apply:

Error: Provider returned invalid result object after apply

After the apply operation, the provider still indicated an unknown value for
okta_app_signon_policy.microsoft-365.default_rule_id. All values must be
known after apply, so this is always a bug in the provider and should be
reported in the provider's own repository. Terraform will still save the
other known object values in the state.

Result -> We had to return to 4.11 provider version since we want to have both these policies in terraform.

Also we had the default any-two-factors okta_app_signon_policy imported in terraform state. Provider attempted to update it but this resulted in 403.

Error: failed to update access policy
  with okta_app_signon_policy.any-two-factors,
  on policy_authentication_okta_default.tf line 60, in resource "okta_app_signon_policy" "any-two-factors":
  60: resource "okta_app_signon_policy" "any-two-factors" {
403 Forbidden

Result -> We had to remove okta_app_signon_policy.any-two-factors from our terraform code by using removed block.
@MichalMMac MichalMMac changed the title okta_app_signon_policy catch_all prolems after update from 4.11 to 4.13.1 okta_app_signon_policy catch_all prolems after update from 4.11 to 4.13.1 Jan 30, 2025
@MichalMMac MichalMMac changed the title okta_app_signon_policy catch_all prolems after update from 4.11 to 4.13.1 okta_app_signon_policy > catch_all problems after update from 4.11 to 4.13.1 Jan 30, 2025
@south-mer south-mer mentioned this issue Jan 31, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@MichalMMac